IOC Report
Nota-fiscal2.1.msi

loading gif

Files

File Path
Type
Category
Malicious
Nota-fiscal2.1.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
initial sample
malicious
C:\Config.Msi\50269e.rbs
data
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.config
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability.zip
Zip archive data, at least v2.0 to extract, compression method=store
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.dll
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Agent.Package.Availability.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Atera.Agent.Package.Infrastructure.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\MQTTnet.Extensions.ManagedClient.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\MQTTnet.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.Abstractions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.Binder.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.CommandLine.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.FileExtensions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.Json.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.UserSecrets.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Configuration.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.DependencyInjection.Abstractions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.DependencyInjection.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.FileProviders.Abstractions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.FileProviders.Physical.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.FileSystemGlobbing.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Hosting.Abstractions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Hosting.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.Abstractions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.Configuration.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.Console.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.Debug.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.EventLog.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.EventSource.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Logging.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Options.ConfigurationExtensions.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Options.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Microsoft.Extensions.Primitives.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Newtonsoft.Json.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Polly.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Serilog.Extensions.Hosting.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Serilog.Extensions.Logging.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Availability\Serilog.Sinks.File.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious